feat: CI/CD pipeline setup complete - Ansible playbooks updated, secrets configured, workflow ready

.deployment-archive-20251030-111806/ansible/secrets/production-vault.yml

@@ -0,0 +1,41 @@
+---
+# Production Secrets Vault
+# IMPORTANT: This file must be encrypted with ansible-vault
+#
+# Encrypt this file:
+#   ansible-vault encrypt deployment/ansible/secrets/production-vault.yml
+#
+# Edit encrypted file:
+#   ansible-vault edit deployment/ansible/secrets/production-vault.yml
+#
+# Decrypt file (for debugging only, never commit decrypted):
+#   ansible-vault decrypt deployment/ansible/secrets/production-vault.yml
+#
+# Use in playbook:
+#   ansible-playbook playbooks/setup-production-secrets.yml --ask-vault-pass
+
+# Database Credentials
+vault_db_name: framework_production
+vault_db_user: framework_app
+vault_db_password: CHANGE_ME_STRONG_DB_PASSWORD_HERE
+
+# Redis Credentials
+vault_redis_password: CHANGE_ME_STRONG_REDIS_PASSWORD_HERE
+
+# Application Secrets
+vault_app_key: CHANGE_ME_BASE64_ENCODED_32_BYTE_KEY
+vault_jwt_secret: CHANGE_ME_STRONG_JWT_SECRET_HERE
+
+# Docker Registry Credentials
+vault_registry_url: git.michaelschiemer.de:5000
+vault_registry_user: deploy
+vault_registry_password: CHANGE_ME_REGISTRY_PASSWORD_HERE
+
+# Security Configuration
+vault_admin_allowed_ips: "127.0.0.1,::1,94.16.110.151"
+
+# SMTP Configuration (optional)
+vault_smtp_host: smtp.example.com
+vault_smtp_port: 587
+vault_smtp_user: noreply@michaelschiemer.de
+vault_smtp_password: CHANGE_ME_SMTP_PASSWORD_HERE